[git commit] selinux: drop deprecated headers

Mike Frysinger vapier at gentoo.org
Fri Dec 9 23:30:30 UTC 2016


commit: https://git.busybox.net/busybox/commit/?id=c6f35241b38ea0c9581409efcd83716b74918903
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

The selinux guys want you to get class values at runtime by converting
textual names into constants.  Drop the deprecated headers and switch
to the new format.

This API has been around for years, so there shouldn't be an issue
with backwards compatibility.

Signed-off-by: Mike Frysinger <vapier at gentoo.org>
---
 include/libbb.h       |  2 --
 libbb/update_passwd.c | 13 ++++++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/include/libbb.h b/include/libbb.h
index a42a2fba89e9..2e9ea46e2f0c 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -81,8 +81,6 @@
 #if ENABLE_SELINUX
 # include <selinux/selinux.h>
 # include <selinux/context.h>
-# include <selinux/flask.h>
-# include <selinux/av_permissions.h>
 #endif
 #if ENABLE_FEATURE_UTMP
 # if defined __UCLIBC__ && ( \
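Review bot: removing <selinux/flask.h> and <selinux/av_permissions.h> from
include/libbb.h affects every file that picks up SELinux declarations through
this shared header, but the diffstat shows only libbb/update_passwd.c being
converted. Before merging, grep the tree for remaining SECCLASS_* and
CLASS__PERM style constants (such as PASSWD__PASSWD) and do a build with
ENABLE_SELINUX set, so that any other user of the dropped headers is converted
in the same commit rather than found later as a build break.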
diff --git a/libbb/update_passwd.c b/libbb/update_passwd.c
index a2004f480ca7..6255af492a1f 100644
--- a/libbb/update_passwd.c
+++ b/libbb/update_passwd.c
@@ -30,7 +30,18 @@ static void check_selinux_update_passwd(const char *username)
 	if (!seuser)
 		bb_error_msg_and_die("invalid context '%s'", context);
 	if (strcmp(seuser, username) != 0) {
-		if (checkPasswdAccess(PASSWD__PASSWD) != 0)
+		security_class_t tclass;
+		access_vector_t av;
+
+		tclass = string_to_security_class("passwd");
+		if (tclass == 0)
+			goto die;
+		av = string_to_av_perm(tclass, "passwd");
+		if (av == 0)
+			goto die;
+
+		if (selinux_check_passwd_access(av) != 0)
+ die:
 			bb_error_msg_and_die("SELinux: access denied");
 	}
 	if (ENABLE_FEATURE_CLEAN_UP)
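Review bot: the "die:" label sits inside the body of
"if (selinux_check_passwd_access(av) != 0)", so both "goto die" statements
jump into the middle of a conditional; this compiles and fails closed, but it
is easy to misread and easy to break in a later edit. Consider folding the
lookups into the condition instead, for example
"if (tclass == 0 || av == 0 || selinux_check_passwd_access(av) != 0)" after
guarding the string_to_av_perm() call on tclass, which removes the label
entirely. Separately, a failed string_to_security_class("passwd") or
string_to_av_perm() lookup is reported as "SELinux: access denied", the same
text as a real denial; a distinct message for the lookup failure would let an
administrator tell a policy that lacks the class or permission apart from a
policy that refused the request, while still dying in both cases.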

